[WIP] Make master node work #70

Closed
wants to merge 10 commits into from

@iaguis iaguis commented Mar 21, 2017

This adds a working configuration for a master node.

Caveats

  • There're some hacks involved (see TODOs)
  • The changes to the cloudconfig are applied directly to the vendor directory.
  • We add the domain k8s.cluster.giantswarm.io to /etc/hosts pointing to 127.0.0.1 and we use ports 6443 (k8s secure) and 2379 (etcd) instead of 443 because we don't have the ingress controllers set up.

Testing

You need to issue some certificates using certctl with "CN=*.cluster.giantswarm.io" for the apiserver, etcd and calico and put them in a directory to pass them to the operator:

> tree certs
certs
├── apiserver-ca.pem
├── apiserver-crt.pem
├── apiserver-key.pem
├── calico
│   ├── client-ca.pem
│   ├── client-crt.pem
│   └── client-key.pem
└── etcd
    ├── server-ca.pem
    ├── server-crt.pem
    └── server-key.pem

2 directories, 9 files

Then, you can start the test "cluster" (only one master):

$ kubectl create -f examples/cluster-cool.yml

On your host, you can add the IP of the instance to /etc/hosts:

> cat /etc/hosts
#
# /etc/hosts: static lookup table for host names
#

#<ip-address>	<hostname.domain.org>	<hostname>
127.0.0.1	localhost.localdomain	localhost
::1		localhost.localdomain	localhost
XX.XX.XX.XX     k8s.cluster.giantswarm.io

Then you can create a kubeconfig similar to this:

apiVersion: v1
clusters:
- cluster:
    user: iago
    certificate-authority: /path/to/certs/apiserver-ca.pem
    server: https://k8s.cluster.giantswarm.io:6443
  name: operator
contexts:
- context:
    cluster: operator
    user: iago
  name: operator
current-context: operator
kind: Config
preferences: {}
users:
- name: iago
  user:
    client-certificate: /path/to/certs/apiserver-crt.pem
    client-key: /path/to/certs/apiserver-key.pem

After that you should have a working kubectl:

$ kubectl cluster-info
Kubernetes master is running at https://k8s.cluster.giantswarm.io:6443

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

Pods can't be scheduled because we need workers for that.
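
The certs directory from the Testing steps above can be checked before it is handed to the operator. This is an added example, not part of the PR or the project: the file names and the expected CN come from the description, while the function names, the key-permission rule and the use of the openssl CLI are assumptions.

```shell
#!/bin/sh
# Added example: preflight for the certs/ directory shown in the PR description.
# File names follow the `tree certs` listing; function names and the
# key-permission rule are assumptions of this example.
EXPECTED="apiserver-ca.pem apiserver-crt.pem apiserver-key.pem
calico/client-ca.pem calico/client-crt.pem calico/client-key.pem
etcd/server-ca.pem etcd/server-crt.pem etcd/server-key.pem"
WANT_CN='*.cluster.giantswarm.io'

# check_layout DIR: report missing files and keys readable by group/others.
check_layout() {
    bad=0
    for f in $EXPECTED; do
        p="$1/$f"
        if [ ! -s "$p" ]; then echo "missing or empty: $f"; bad=1; continue; fi
        case $f in *-key.pem)
            [ "$(ls -ldL "$p" | cut -c5-10)" = "------" ] ||
                { echo "key readable by group/others: $f"; bad=1; } ;;
        esac
    done
    return "$bad"
}

# check_triple CA CRT KEY: the key must belong to the certificate, the
# certificate must chain to the CA file, and the subject must carry WANT_CN.
check_triple() {
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null) || return 1
    [ "$crt_pub" = "$key_pub" ] || { echo "key does not match: $2"; return 1; }
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "does not chain to CA: $2"; return 1; }
    openssl x509 -in "$2" -noout -subject | grep -qF "$WANT_CN" ||
        { echo "unexpected subject: $2"; return 1; }
}

# check_certs DIR: layout first, then each CA/certificate/key triple.
check_certs() {
    check_layout "$1" || return 1
    rc=0
    for t in apiserver calico/client etcd/server; do
        check_triple "$1/$t-ca.pem" "$1/$t-crt.pem" "$1/$t-key.pem" || rc=1
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then check_certs "$1" && echo "certs OK"; fi
```

Run it as `sh check-certs.sh certs` (the script name is a placeholder) before creating the cluster.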


@xh3b4sd xh3b4sd left a comment


Cool you made the master access work. How do you want to roll with this? The abstraction issues should at least be tracked in our boards as well as the TODOs and then we should continue working there. How is your roadmap with this?

Requires=k8s-setup-network-env.service
After=k8s-setup-network-env.service
Requires=k8s-setup-network-env.service decrypt-tls-assets.service
After=k8s-setup-network-env.service decrypt-tls-assets.service
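
Review bot: adding decrypt-tls-assets.service to both Requires= and After= makes this unit hard-depend on that service, so the unit will not start on any node where the service is missing or fails to activate, and nothing in the hunk records why the ordering is needed. If the intent is that TLS assets must be decrypted before this unit runs, say so in a comment next to the two lines, or declare the relationship from the decrypt unit's side (Before= and RequiredBy= there) so this unit file does not have to name it.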
Contributor

decrypt-tls-assets.service is AWS specific, right? This does not work that way when we want to have the cloud config manager being abstracted. The dependency statements probably can be the other way around so that we do not pollute the cloud config.

Contributor Author

Yep, this is just a temporary hack because for some reason my decrypt-tls-assets.service wasn't starting.

It's not the proper way to solve it but I'll look at it tomorrow.

ExecStop=/opt/bin/calicoctl node stop --force
ExecStopPost=/bin/bash -c "find /tmp/ -name '_MEI*' | xargs -I {} rm -rf {}"
ExecStopPost=/bin/bash -c "/opt/bin/calicoctl bgp peer remove $(echo ${BRIDGE_IP} | cut -d'.' -f1-3).0"
ExecStopPost=/usr/bin/etcdctl --endpoints=http://127.0.0.1:2383 rm /calico/v1/host/{{.Node.Hostname}}-flannel/bird_ip
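
Review bot: the last ExecStopPost reaches etcd at http://127.0.0.1:2383 in plain text, while the PR description puts the master's etcd on 2379 with server certificates; if this cleanup is kept for the master, the endpoint and TLS options need to match that etcd, because with nothing listening on 2383 the rm fails at stop time and the bird_ip key is left behind. Separately, the find piped into xargs -I {} rm -rf {} can be written as find /tmp/ -name '_MEI*' -exec rm -rf {} + to avoid xargs' own parsing of the file names.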
Contributor

I am not certain but this is maybe necessary for making the guest clusters created by the KVM operator work. So this should be abstracted then.

Contributor Author

Agreed.


iaguis commented Mar 21, 2017

> Cool you made the master access work. How do you want to roll with this? The abstraction issues should at least be tracked in our boards as well as the TODOs and then we should continue working there. How is your roadmap with this?

My plan is:

  • Create issues for the abstraction problems
  • Try to get rid of some (like the decrypt-assets one mentioned above)
  • Try to split changes that make sense and create PRs to k8scloudconfig
  • Work on/Help with making the worker nodes work


xh3b4sd commented Mar 21, 2017

Ok cool. I think it would make sense to derive upcoming feature branches for further changes from this branch and merge into here first. Then we see the TODOs missing and do not pollute master. Would that work?


iaguis commented Mar 22, 2017

> Ok cool. I think it would make sense to derive upcoming feature branches for further changes from this branch and merge into here first. Then we see the TODOs missing and do not pollute master. Would that work?

That works for me, although keep in mind that most of the changes I make here are in vendor, so they should reach k8scloudconfig or be separated to templates in this repo at some point.

I think deriving workers' cloudconfig changes from this branch makes sense so we can have a branch that has both master and workers.


nhlfr commented Apr 3, 2017

Please don't delete the branch

@nhlfr nhlfr closed this Apr 3, 2017
pipo02mix pushed a commit that referenced this pull request Dec 27, 2017